path: root/src/providers
Commit message | Author | Age | Files | Lines
* SSSD fails to store users if any of the requested attributes is empty. | Michal Zidek | 2013-02-21 | 1 | -0/+6
  https://fedorahosted.org/sssd/ticket/1440
* nested groups: fix group lookup hangs if member dn is incorrect | Pavel Březina | 2013-01-29 | 1 | -0/+24
  https://fedorahosted.org/sssd/ticket/1783
  When dn in member attribute is invalid (e.g. rdn instead of dn) or it is outside of configured search bases, we might hit a situation when tevent_req is marked as done before any callback could be attached on it.
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails | Jakub Hrozek | 2013-01-29 | 1 | -1/+2
* LDAP: Check validity of naming_context | Jakub Hrozek | 2013-01-29 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1581
  If the namingContext attribute had no values or multiple values, then our code would dereference a NULL pointer.
* LDAP: Handle empty namingContexts values safely | Stephen Gallagher | 2013-01-29 | 1 | -0/+8
  Certain LDAP servers can return an empty string as the value of namingContexts. We need to treat these as NULL so that we can fail gracefully.
  https://fedorahosted.org/sssd/ticket/1542
* Initialize Kerberos ticket renewal in the IPA provider | Jakub Hrozek | 2012-10-11 | 1 | -0/+13
  Fixes https://fedorahosted.org/sssd/ticket/1526 in the 1.8 branch
* FO: Check server validity before setting status [sssd-1_8_5] | Jakub Hrozek | 2012-10-03 | 7 | -33/+49
  The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give feedback.
  This patch simply checks if a server is in the list of servers maintained by a service before reading its status.
  https://fedorahosted.org/sssd/ticket/1364
* KRB5: Return PAM_AUTH_ERR on incorrect password | Jakub Hrozek | 2012-09-21 | 1 | -30/+39
  https://fedorahosted.org/sssd/ticket/1515
* Fixed wrong number in shadowLastChange | Jan Zeleny | 2012-09-07 | 1 | -1/+2
  The attribute is supposed to contain number of days since the epoch, not the number of seconds.
* KRB5: Only return PAM error for unreachable kpasswd when performing chpass | Jakub Hrozek | 2012-09-07 | 1 | -2/+4
  https://fedorahosted.org/sssd/ticket/1452
* Process all groups from a single nesting level | Jakub Hrozek | 2012-08-21 | 1 | -4/+14
  https://bugzilla.redhat.com/show_bug.cgi?id=846664
  If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectively marking the whole nesting level as done.
* Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION | Jakub Hrozek | 2012-06-13 | 1 | -3/+4
  https://fedorahosted.org/sssd/ticket/1271
* Fixed issue in SELinux user maps | Jan Zeleny | 2012-05-22 | 1 | -0/+2
  There was an issue when IPA provider didn't set PAM_SUCCESS when successfully finished loading SELinux user maps. This led to the map not being read in the responder.
* LDAP nested groups: Do not process callback with _post deep in the nested structure | Jakub Hrozek | 2012-05-22 | 1 | -12/+10
  https://fedorahosted.org/sssd/ticket/1343
* Remove erroneous failure message in find_principal_in_keytab | Stef Walter | 2012-05-22 | 1 | -1/+3
  * When it's actually a failure, then the callers will print a message. Fine tune this.
* If canon'ing principals, write ccache with updated default principal | Stef Walter | 2012-05-22 | 2 | -3/+8
  * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated.
  * Create the cache file with the correct default credential.
  * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch.
  https://bugzilla.redhat.com/show_bug.cgi?id=811518
* Limit krb5_get_init_creds_keytab() to etypes in keytab | Stef Walter | 2012-05-22 | 2 | -0/+36
  * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab().
  * This fixes the problem where the server offers an enctype that krb5 supports, but we don't have a key for in the keytab.
  https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Warn to syslog when dereference requests fail | Ariel Barria | 2012-05-22 | 1 | -2/+2
* Use the sysdb attribute name, not LDAP attribute name | Jakub Hrozek | 2012-05-16 | 2 | -2/+2
* Potential NULL dereference in proxy provider | Ariel Barria | 2012-05-14 | 1 | -1/+1
* Try all KDCs when getting TGT for LDAP | Jakub Hrozek | 2012-05-09 | 1 | -15/+18
  When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway.
  https://fedorahosted.org/sssd/ticket/1324
* Special-case LDAP_SIZELIMIT_EXCEEDED | Jakub Hrozek | 2012-05-07 | 1 | -4/+9
  Previous version of the SSSD did not abort the async LDAP search operation on errors. In cases where the request ended in progress, such as when the paging was very strictly limited, the old versions at least returned partial data.
  This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a user-visible regression.
  https://fedorahosted.org/sssd/ticket/1322
* Read sysdb attribute name, not LDAP attribute map name | Jakub Hrozek | 2012-05-03 | 1 | -2/+2
  https://fedorahosted.org/sssd/ticket/1320
* confdb_get_bool needs a TALLOC_CTX in sssd-1.8 | Jakub Hrozek | 2012-04-24 | 1 | -1/+1
* Get the RootDSE after binding if not successful before | Jakub Hrozek | 2012-04-20 | 1 | -26/+104
  https://fedorahosted.org/sssd/ticket/1258
* sdap_check_aliases must not error when detects the same user | Jakub Hrozek | 2012-04-20 | 1 | -13/+31
  https://fedorahosted.org/sssd/ticket/1307
* proxy: new option proxy_fast_alias | Jakub Hrozek | 2012-04-20 | 3 | -43/+123
* proxy: Canonicalize user and group names | Jakub Hrozek | 2012-04-20 | 1 | -312/+354
  https://fedorahosted.org/sssd/ticket/1249
* Use the correct options counter | Jakub Hrozek | 2012-04-05 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1282
* Clean up log messages about keytab_name | Stephen Gallagher | 2012-04-05 | 2 | -9/+16
  There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs.
  https://fedorahosted.org/sssd/ticket/1288
* Catch cases where D-Bus connection is NULL | Jakub Hrozek | 2012-04-05 | 1 | -0/+20
  https://fedorahosted.org/sssd/ticket/1270
* Proxy services: Save lowercased protocol names and aliases in case-insensitive domains | Jakub Hrozek | 2012-03-29 | 1 | -57/+17
* LDAP services: Save lowercased protocol names in case-insensitive domains | Jakub Hrozek | 2012-03-29 | 1 | -1/+17
  https://fedorahosted.org/sssd/ticket/1260
* Return correct resolv_status on resolver timeout | Jakub Hrozek | 2012-03-29 | 2 | -12/+17
  https://fedorahosted.org/sssd/ticket/1274
* LDAP: Fix memory leaks in synchronous_tls_setup | Stephen Gallagher | 2012-03-26 | 1 | -8/+10
  We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error.
  Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.
* LDAP services: Keep the protocol around | Jakub Hrozek | 2012-03-26 | 1 | -0/+1
* LDAP: Add better error logging when ldap_result() fails | Stephen Gallagher | 2012-03-21 | 1 | -1/+3
* Make the string_equal() function public | Jakub Hrozek | 2012-03-21 | 1 | -13/+4
* LDAP: Errors retrieving the RootDSE should not be fatal | Stephen Gallagher | 2012-03-16 | 1 | -15/+8
  If we can't reach the RootDSE, let's just proceed as if it's unavailable with reasonable defaults. If we fail later on, that's fine.
  Fixes https://fedorahosted.org/sssd/ticket/1257
* Fix uninitialized variable | Jakub Hrozek | 2012-03-16 | 1 | -1/+1
* IPA: Allow service lookups | Stephen Gallagher | 2012-03-16 | 1 | -0/+1
* IPA: Initialize hbac_ctx to NULL | Stephen Gallagher | 2012-03-12 | 1 | -1/+1
* Handle empty elements in proxy netgroups: | Jakub Hrozek | 2012-03-09 | 1 | -3/+6
* Fix netgroup error handling | Jakub Hrozek | 2012-03-09 | 1 | -17/+59
  https://fedorahosted.org/sssd/ticket/1242
* PROXY: Create fake user entries for group lookups | Stephen Gallagher | 2012-03-09 | 1 | -3/+85
* Missing debug message if sdap_sudo_refresh_set_timer fails | Pavel Březina | 2012-03-09 | 1 | -1/+5
  https://fedorahosted.org/sssd/ticket/1238
* IPA: Check nsAccountLock during PAM_ACCT_MGMT | Stephen Gallagher | 2012-03-09 | 4 | -1/+69
  https://fedorahosted.org/sssd/ticket/1227
* LDAP: Make sdap_access_send/recv public | Stephen Gallagher | 2012-03-09 | 2 | -12/+17
  We want to consume this in the IPA provider.
* Fix nested groups processing | Jakub Hrozek | 2012-03-08 | 1 | -26/+60
  Instead of keeping the number of parent groups in "state" and having to reset the count when moving to another group on the same level, keep track of all the groups on a particular level along with their parents and parent count.
* Detect cycle in the fail over on subsequent resolve requests only | Jakub Hrozek | 2012-03-08 | 5 | -23/+28